More crime is occurring electronically, making it necessary for law enforcement officers to keep up with technological advancements in computer forensic investigations. Investigations involving cyber-crimes begin with the computer systems themselves. The types of data found on computer systems include active data, recovered data, and unused space. Beyond simply retrieving files, forensic investigators are able to determine if computer data has been tampered with or damaged. The technology and protocols involved in recreating the primary users’ computer activities are presented and include recreating the chain of events, accessing encrypted files, and searching for certain software programs designed to wipe files. Four tenets that should be followed by computer forensic investigators are outlined; the tenets ensure the proper handling of computer systems: (1) no evidence should be damaged; (2) no viruses should be introduced; (3) extracted data should be protected from damage; and (4) chain of evidence protocols should be observed. Data analysis should be performed on a mirror image of the computer evidence in order to ensure the preservation of the original evidence. It is also important to be aware of the environmental conditions to which the computer and any extracted data are exposed; magnetic fields, cold temperatures, and static discharge can damage electronic media. The investigation should also extend to the physical environment in which the computer is located; post-it notes with computer passwords may be in close proximity to the computer. Finally, it should be kept in mind that when computer users push the “delete” button, an electronic fingerprint of the data remains on the computer and forensic investigators can retrieve it. In an e-information age, law enforcement agencies need to remain current on computer forensic technological innovations. A textbox presents information on where law enforcement officers can receive training.